CVE-2019-3602 — Cross-site Scripting in LLC Mcafee Network Security Manager

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 57.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Mcafee Network Security Manager Mcafee Network Security Manager

Timeline

PublishedMay 15

Latest updateMay 24

Description

Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDmcafee/network_security_manager< 9.1+1

▶CVEListV5mcafee_llc/mcafee_network_security_manager9.1 — 9.1 update 5 (9.1.7.77)

🔴Vulnerability Details

GHSA

GHSA-hwvp-jq48-4j48: Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9↗2022-05-24

▶